Skip to content

fix(security): use Replace-based newline stripping in SanitizeLogValue#124

Merged
JerrettDavis merged 1 commit into
mainfrom
fix/security-logforging-barrier
Jun 23, 2026
Merged

fix(security): use Replace-based newline stripping in SanitizeLogValue#124
JerrettDavis merged 1 commit into
mainfrom
fix/security-logforging-barrier

Conversation

@JerrettDavis

@JerrettDavis JerrettDavis commented Jun 23, 2026

Copy link
Copy Markdown
Owner

CodeQL recognizes String.Replace removal of CR/LF as a log-forging barrier.
Reimplement SanitizeLogValue to strip line breaks via String.Replace before
dropping remaining control characters, clearing the residual cs/log-forging
finding in InMemoryCacheService.SetAsync.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

@claude
fix(security): use Replace-based newline stripping in SanitizeLogValue
21d34c3 
CodeQL recognizes String.Replace removal of CR/LF as a log-forging barrier.
Reimplement SanitizeLogValue to strip line breaks via String.Replace before
dropping remaining control characters, clearing the residual cs/log-forging
finding in InMemoryCacheService.SetAsync.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@JerrettDavis JerrettDavis merged commit 81cc191 into main Jun 23, 2026
17 checks passed
@JerrettDavis JerrettDavis deleted the fix/security-logforging-barrier branch June 23, 2026 01:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JerrettDavis @claude